Users now recommended to reset passwords

Apr 13, 2019 15:45 GMT  ·  By

Microsoft has just revealed that it suffered a breach earlier this year and hackers were able to access certain user email information.

In an email sent to impacted users and obtained by TechCrunch, Microsoft explains that a malicious actor managed to compromise the credentials of a Microsoft support agent.

This allowed individuals not working for Microsoft to access information stored in Microsoft email accounts (@outlook.com, @hotmail.com, @msn.com), and according to the cited source, businesses weren’t affected.

The information exposed to hackers includes email addresses, folder names, subject lines of emails, names of other email addresses that users communicate with. No email content or attachments were exposed to hackers, Microsoft claims.

The unauthorized access was recorded between January 1, 2019 and March 28, 2019, Microsoft says, but the company hasn’t provided any specifics as to how the hackers managed to compromise the credentials of the support agent.

Passwords not exposed

The software giant says it immediately disabled the compromised account once it detected the breach.

“Upon awareness of this issue, Microsoft immediately disabled the compromised credentials, prohibiting their use for any further unauthorized access. Our data indicates that account-related information (but not the content of any e-mails) could have been viewed, but Microsoft has no indication why that information was viewed or how it may have been used,” the firm says in the email sent to affected users.

Microsoft now warns of an increasing number of phishing emails that could be sent to users, and it recommends everyone to reset passwords. However, it’s important to know that passwords weren’t exposed to hackers, albeit Microsoft says it’s better to change them “out of caution.”

For now, it’s not yet known how many users were exposed, but as per the cited source, there’s a chance at least some are based in Europe.

You can read the full email below, and for additional information and assistance, you can reach out to the company’s Incident Response Team at [email protected].

Microsoft Email